DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Pell City notifies residents of vendor breach

Posted on November 12, 2020 by Dissent

On September 20, this site noted a breach impacting some residents of Pell City, Alabama.  At that time, there were many unanswered questions based on the little the city had disclosed.

Now they have published a press release that reveals that the breach involved their vendor, Technology Management Resources (TMR). The TMR breach had been described by Arkansas Methodist Medical Center in its own breach disclosure last month. In that disclosure, they had written:

 On July 3, 2020, TMR discovered that a TMR employee’s user account had been compromised. AMMC was notified of this incident on August 24, 2020 and has been actively seeking information regarding the incident to be able to provide this notice.

Upon discovery of the incident, TMR reported that they secured the account and began an investigation in consultation with external cybersecurity professionals. TMR has stated that their investigation determined that the threat actor may have viewed images of checks and related images containing potential Protected Health Information (PHI) related to customers of Arkansas Methodist Medical Center. According to TMR, the threat actor activity occurred between August 5, 2018 and May 31, 2020, with the bulk of the activity occurring between February and May 2020. TMR notified the FBI of this incident.

Pell City, Alabama notes that 1,050 of their residents were impacted, but their notification gives a different date range that TMR gave them:

The City of Pell City has been informed of a potential security breach at Technology Management Resources, Inc. (TMR), which aids Valley Bank in processing check payments for utility customers.  TMR has disclosed that an unknown third-party had access to the processing files, which contained scanned check images, from May 1 to May 3, 2020 and from June 1 to July 1, 2020.

This matter has been reported to the FBI for criminal investigation and TMR has engaged independent cybersecurity and forensics professionals to assess the situation.  As of this date, there is no indication that the exposed information has been misused, disseminated, or made publically available.

In Pell City’s case, the exposed information includes the “name, address, checking account number, ABA routing number, and any other information appearing on the front of the check.”

DataBreaches.net sent an email inquiry earlier this morning to TMR seeking clarification as to the timeframe of the breach and to ask how many people, total, were being notified nationwide, but received no immediate reply. This post will be updated when a response is received.

Category: Breach IncidentsGovernment SectorSubcontractor

Post navigation

← Breach Lawsuit Spotlights Complex Vendor Issues
“Email Appender” Implants Malicious Emails Directly Into Mailboxes →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ICE takes steps to deport the Australian hacker known as “DR32”
  • Hearing on the Federal Government and AI
  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Decision That Murdered Privacy
  • Hearing on the Federal Government and AI
  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.